If you’re a user of PrivDog ad-blocker software you may want to consider uninstalling it, after the program was found to undermine one of the most fundamental security protocols on the internet.
The software claimed to block ads and replace them with those from “trusted sources” in order to protect users’ privacy. However, it has been found that, in doing so, it undermined a the protocol called Secure Socket Layer, better known as SSL, which ensures web traffic is transmitted securely.
While this may all sound very reminiscent of last weeks’ Superfish scandal, which was also found to undermine SSL security, it’s actually a completely different bug. In fact, Hanno Böck, a German security journalist, said the flaw is “arguably … even bigger”.
“While Superfish used the same certificate and key on all hosts PrivDog recreates a key/cert on every installation. However here comes the big flaw: PrivDog will intercept every certificate and replace it with one signed by its root key. And that means also certificates that weren’t valid in the first place,” Böck wrote in a blog post.
“[PrivDog] will turn your Browser into one that just accepts every HTTPS certificate out there, whether it’s been signed by a certificate authority or not,” he added.
While the details are still a little fuzzy, Böck said it “looks pretty bad”, and he’s certainly not the only one to come to this conclusion.
For its part, PrivDog told The BBC the flaw only “affects a very limited number of websites”.
It also claimed “The potential issue has already been corrected,” although seemingly contradicted itself by adding: “There will be an update [today], which will automatically update all 57,568 users of these specific PrivDog versions.”
How to uninstall PrivDog
The good news is that, unlike Superfish, PrivDog doesn’t come preinstalled on computers as a hidden piece of software, and only one version of the software is affected – version 3.0.96.0, which was released in December 2014. This version was only available through the PrivDog website through direct download, so there’s no chance you will have installed the affected version unless you headed over to the website and downloaded it in December, or updated your existing version between then and now.
While there has been some concern over the PrivDog browser extension that came bundled with Comodo Internet Security is vulnerable, however it’s an earlier version and doesn’t have the same vulnerability.
While PrivDog says it’s fixed/fixing the problem in version 3.0.96.0, it would be understandable if you wanted to uninstall it, so we’ve produced a step-by-step guide.
1) On your computer, click on the start menu and open Control Panel
2) Next, click on programs and features
3) Find PrivDog in the list of programs, click on it, and click uninstall
4) You will be asked if you are sure you want to uninstall PrivDog, click yes. The same dialogue box will appear towards the end of the uninstall process, click yes again
That’s it, you are now PrivDog free.
Disclaimer: Some pages on this site may include an affiliate link. This does not effect our editorial in any way.
